Most professionals understand the basics of how ransomware works: your files and data are encrypted by malicious software, then a ransom payment is demanded to restore access. However, you may not fully recognize the devastating effect these attacks can have on a business – and that your chances of being targeted are higher than ever.
While ransomware attacks once primarily targeted individuals and requested payments of a few hundred dollars, attackers have realized the real money lies in attacking companies. Healthcare organizations are especially attractive to these cybercriminals, thanks to the higher perceived likelihood of payment, the importance of the data stored on their networks, and the impression they are less prepared for ransomware demands.
As with most things in life, an ounce of prevention is worth a pound of cure. Healthcare organizations should recognize their ransomware risk and take action to protect employees, networks and data in the case of an attack. Here are some ways your company can defend against this growing threat:
Protect your employees
- Conduct regular security awareness training and phishing campaigns.
- Make sure employees always operate with least privilege.
Protect your network
- Apply security patches within 30 days of release.
- Use email filtering to block spam and phishing messages, and Web filtering to block access to malicious websites.
- Segment your network based on the classification level of information stored on its systems.
- Monitor critical systems, avoid all unsupported operating systems or platforms, and have a process to decommission unused systems.
Protect your data
- Back up business data regularly.
- Test backups for restorability, and ensure they are stored offline and offsite.
- Have a formal Incident Response Plan (designed to quickly contain an incident) as well as Disaster Recovery and Business Continuity plans, and test them all annually.
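A backup that has never been restored is only a hope, so the "test backups for restorability" item above deserves a concrete routine. The following is an added example written for this page (not code from the original article): it archives a directory, records a SHA-256 manifest at backup time, restores the archive into a scratch directory, and reports any file that is missing, unexpected or altered. The directory names and sample files are constructed for the demonstration.

```python
"""Backup restorability check.

Example code added to illustrate the "test backups for restorability" item;
it is not part of the original article. It archives a directory, restores the
archive into a scratch directory, and verifies every file by SHA-256 against
a manifest recorded at backup time. All paths and sample files are constructed.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large exports need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tar of the source tree and return its backup-time manifest.

    Keep the manifest with the backup (ideally on write-once or offline media)
    so a later restore test has something trustworthy to compare against."""
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(source).as_posix())
    return manifest(source)


def restore_and_verify(archive: Path, expected: dict) -> dict:
    """Restore the archive into a fresh directory and compare it with expected.

    Returns {"ok", "missing", "extra", "corrupted"}; the backup counts as
    restorable only when the three lists are empty."""
    with tempfile.TemporaryDirectory() as restore_dir:
        root = Path(restore_dir)
        with tarfile.open(archive, "r:gz") as tar:
            try:
                # The "data" filter rejects absolute paths, traversal and
                # special files, which matters when restoring an archive
                # that did not come from your own backup job.
                tar.extractall(root, filter="data")
            except TypeError:
                # Older Python without the filter argument.
                tar.extractall(root)
        actual = manifest(root)
    missing = sorted(set(expected) - set(actual))
    extra = sorted(set(actual) - set(expected))
    corrupted = sorted(
        name for name in set(expected) & set(actual) if expected[name] != actual[name]
    )
    return {
        "ok": not (missing or extra or corrupted),
        "missing": missing,
        "extra": extra,
        "corrupted": corrupted,
    }


def run_demo() -> tuple:
    """Build a constructed sample tree, back it up, and run the check twice:
    once against the backup-time manifest (passes) and once after the source
    gains a file the backup never captured (reports it missing)."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "ehr_exports"  # constructed directory name
        (source / "2024").mkdir(parents=True)
        (source / "2024" / "patients.csv").write_text("id,name\n1,constructed\n")
        (source / "README.txt").write_text("constructed sample data\n")
        archive = work / "backup.tar.gz"
        expected = create_backup(source, archive)
        clean = restore_and_verify(archive, expected)
        # A file written after the backup ran: a real restore would not bring it back.
        (source / "2024" / "labs.csv").write_text("id,result\n1,constructed\n")
        stale = restore_and_verify(archive, manifest(source))
        return clean, stale


if __name__ == "__main__":
    clean_report, stale_report = run_demo()
    print("fresh backup restorable:", clean_report["ok"])
    print("after new data, missing:", stale_report["missing"])
```

Run this on a schedule against the real backup target rather than the live tree, and treat a non-empty "missing" or "corrupted" list as an incident in its own right: the second run in the demo shows the common failure where data created after the last backup is simply not there to restore.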
Healthcare organizations also need to be aware that trusted third-party vendors could become infected with ransomware. This might result in information becoming unavailable or, even worse, attackers using a vendor’s network access to spread an infection and impact your corporate systems. Some ways to be more resilient against these outcomes include:
- Have a formal vendor management program that classifies each vendor’s type of data and level of access.
- Make sure every vendor operates with least privilege and requires multi-factor authentication.
- Require all vendors to protect information with safeguards at least as good as your own, and perform due diligence and annual audits to ensure they meet your standards.
- Require vendors to defend and indemnify you if they contribute to a cyber event or HIPAA breach, and to have sufficient liquid assets and appropriate insurance coverage (which, depending on the vendor’s business, may include cyber, professional liability, and E&O) to cover their foreseeable liability.
- Make sure each contract clarifies how data will be returned or destroyed at the end of an engagement.
Beyond taking steps to prevent ransomware attacks, your organization should prepare to respond quickly if an attack is successful. First, you’ll need to identify the threat and invoke the Incident Response Plan, taking time to contact law enforcement and your insurer. It may be necessary to power down systems as you work to contain the infection, so healthcare organizations should develop a process for providing patient care during EHR downtimes. After the malware is contained, it’s important to review the incident for lessons learned (preferably through a root cause analysis) and take all steps necessary to ensure a similar incident doesn’t happen again.
Unfortunately, a single ransomware attack can be devastating – and healthcare organizations may be especially vulnerable. By recognizing your risk and developing plans to prevent and respond to ransomware attacks, you’ll help protect your company – and its data – from this growing threat.